# Networking

## Port Scanning 

#### Powershell Ping Sweep

```
1..20 | % {"192.168.1.$($_): $(Test-Connection -count 1 -comp 192.168.1.$($_) -quiet)"}
```

#### Powershell Testing ports

```
Test-NetConnection -computername UFC-WEBPROD -Port 80
```

## Port Forwarding 

```
# Listen address is local ip of machine that will be proxy, connect address is target
netsh interface portproxy add v4tov4 listenaddress=192.168.250.10 listenport=443 connectaddress=192.168.250.22 connectport=443
```

## Firewalls

#### Listing Rules

```
netsh firewall show opmode
```

#### Disabling Firewall

```
netsh firewall set opmode mode=disable
```

#### Allowing Rule 

```
```

## Enabling PsRemoting (WinRM)

```
```

## Enabling CredSSP

```
```

## Hyper-V

#### Listing VMs

```
Get-VM
```

#### Get Info on Running VMs

```
# Show properties
get-vm -name vault-db |format-list *

# Get IP
get-vm -Name vault-db | Select -ExpandProperty Networkadapters
```

#### Manage VMs

```
# Pass creds as object
$username = "<domain>\<username>"
$password = ConvertTo-SecureString "<password>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)

# Invoke Command on a VM using creds
invoke-command -vmname <vmname> -credential $cred -scriptblock {whoami}

# Enter-PSSession
Enter-PSSession -VMName <vmname> -Credential $cred
```

#### Mounting VM Disk Image

```
# Stop VM
Stop-VM -Name vault-dc

# Mount VM and list partition
Mount-VHD -Path 'C:\Users\Public\Documents\Hyper-V\Virtual hard disks\vault-dc.vhdx' -PassThru | Get-Disk | Get-Partition | Get-Volume

# Show drives
Get-PSDrive
```

## SMB Null Session

```
enum4linux -n <IP>
enum4linux -a <IP>

# connect with smbclient and list shares
smbclient -L WORKGROUP -I <IP> -N -U ""

# Connect to shares
smbclient \\\\<IP>\\<SHARE> -N

# download
get <FILE>

# Upload
put <FILE>
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cheats.philkeeble.com/windows/networking.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.